COMMUNICATIONS COMMITTEE

Transkript

1 EUROPEAN COMMISSION Information Society and Media Directorate-General Electronic Communications Policy Implementation of Regulatory Framework (I) Brussels, 04 October 2011 DG INFSO/B2 COCOM11-20 LIMITED COMMUNICATIONS COMMITTEE Working Document Subject: Questionnaire on the implementation of the Article 5(3) of the eprivacy Directive This is a Committee working document which does not necessarily reflect the official position of the Commission. No inferences should be drawn from this document as to the precise form or content of future measures to be submitted by the Commission. The Commission accepts no responsibility or liability whatsoever with regard to any information or data referred to in this document. Commission européenne, B-1049 Bruxelles/ Europese Commissie, B-1049 Brussel Belgium. Telephone: (32-2) Office: BU33 4/43. Telephone: direct line (32-2) Fax: (32-2)

2 Introduction On 25 May 2011, the transposition deadline for the revised regulatory framework for electronic communications expired. Among the amended provisions included in the Citizens' Rights Directive is Article 5(3) of the eprivacy Directive, which concerns the storing and accessing of information on users' terminal devices and affects inter alia, but not exclusively, so-called cookies. To help Member States transpose this provision, the Commission presented a guidance document to COCOM and published it in 2010 (COCOM10-34). In the meantime, the Directorate-General for Information Society and Media has also facilitated discussions among stakeholders on online behavioural advertising self regulation. The Commission services have announced that they would monitor and evaluate progress on implementation of national self-regulatory schemes, including compliance with EU law in view of further discussions with stakeholders planned for early This document includes a questionnaire to be used for the purpose of gathering information on the overall implementation and enforcement of Article 5(3) of the eprivacy Directive as amended by the Citizens' Rights Directive in the Member States. Next steps Member States are accordingly invited to submit their replies to the final questionnaire by 18 November 2011 at the latest. A report of Member States replies will be presented at a forthcoming COCOM meeting. 2

4 personal data and about the processing of his data in countries outside the scope of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ EC No. L 281 S. 31) in generally understandable form, unless such information has already been provided. In the case of an automated procedure which permits subsequent identification of the recipient of the service and prepares the collection or use of personal data, the recipient of the service must be informed at the beginning of this procedure. The content of this information must be accessible by the recipient of the service at any time. Explanation: Automated procedure means any procedure including the storing of information or the gaining of access to information already stored, in the terminal equipment of a subscriber or user, according to Art. 5 Par. 3 E-Privacy- Directive.) 2. Erfordernis der Einwilligung gemäß Art. 5 Abs. 3 E- privacy-richtlinie: Die Mitgliedstaaten stellen sicher, dass die Speicherung von Informationen oder der Zugriff auf Informationen, die bereits im Endgerät eines Teilnehmers oder Nutzers gespeichert sind, nur gestattet ist wenn der betreffende Teilnehmer oder Nutzer ( ), seine Einwilligung gegeben hat. Dies steht einer technischen Speicherung oder dem Zugang nicht entgegen, wenn der alleinige Zweck die Durchführung der Übertragung einer Nachricht über ein elektronisches Kommunikationsnetz ist oder wenn dies unbedingt erforderlich ist, damit der Anbieter eines Dienstes der Informationsgesellschaft, der vom Teilnehmer oder Nutzer ausdrücklich gewünscht wurde, diesen Dienst zur Verfügung stellen kann. ( Member States shall ensure that the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned has given his or her consent, ( ).This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service. ) Umgesetzt in 12 und 15 TMG:: 12: Der Diensteanbieter darf personenbezogene Daten zur Bereitstellung von Telemedien nur erheben und verwenden, soweit dieses Gesetz oder eine andere Rechtsvorschrift, die sich ausdrücklich auf Telemedien bezieht, es erlaubt oder der Nutzer eingewilligt hat. Der Diensteanbieter darf für die Bereitstellung von Telemedien erhobene personenbezogene Daten für andere 4

5 Zwecke nur verwenden, soweit dieses Gesetz oder eine andere Rechtsvorschrift, die sich ausdrücklich auf Telemedien bezieht, es erlaubt oder der Nutzer eingewilligt hat. 15 Abs. 1 Satz 1: Der Diensteanbieter darf personenbezogene Daten eines Nutzers nur erheben und verwenden, soweit dies erforderlich ist, um die Inanspruchnahme von Telemedien zu ermöglichen und abzurechnen (Nutzungsdaten). Erläuterung: 12 stellt klar, dass personenbezogene Daten im Zusammenhang mit der Bereitstellung von Telemedien ohne Einwilligung nur verarbeitet werden dürfen, wenn der Gesetzgeber dies ausdrücklich erlaubt. Eine solche gesetzliche Erlaubnis enthält 15 TMG, der regelt, dass Nutzerdaten bei Inanspruchnahme von Telemedien ohne Einwilligung nur verarbeitet werden dürfen, wenn das für diesen Zweck erforderlich ist. Für die Speicherung und den Abruf von Informationen wie z. B. Cookies bedeutet dies, dass solche Verfahren in Deutschland ohne Einwilligung des Nutzers nur zulässig sind, wenn dies aus technischen Gründen für die Inanspruchnahme erforderlich ist. Im Übrigen dürfen solche Verfahren ohne Einwilligung des Nutzers nicht verwendet werden. (Transposed in 12 and 15 Telemedia Law: 12: The service provider may collect and use personal data for the provision of telemedia only to the extent that this Act or another statutory provision referring expressly to telemedia permits it or that the recipient of the service has given his consent. The service provider may collect and use personal data for other purposes only to the extent that this Act or another statutory provision referring expressly to telemedia permits it or if the recipient of the service has given his consent. 15: The service provider may collect and use the personal data of a recipient of a service only to the extent necessary to enable and invoice the use of telemedia (data on usage). Explanation: 12 clarifies that personal data in connection with the use of information society services can be processed without the concent of the user only in the case of this being permitted expressively by law. Such a permission is regulated in 15 Telemedia Law, which rules that data on usage can be processed without consent only in the case of this being necessary to enable the use of the information society service. Regarding the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user like cookies - this means, that such a procedure is only permitted by law, if this is for technical reasons necessary to deliver the service. In all other cases such a procedure is not permitted 5

8 (Answer: There are no such specific rules in Germany. However, according to the decision of the Federal Constitution Court from Feb. 27, 2008 the clandestine access violates the general personal right regarding the basic right on trustworthyness and integrity of information technology. The federal office for IT-Safety provides detailed information on risks and protection measures regarding cookies and malicious software.) INFORMED CONSENT 2. Is there any guidance specifying how consent can be given? Is there any detail on the type and level of information that must be provided to the subscriber/user? How is the ability to revoke consent ensured? Antwort: Die Einwilligung richtet sich nach den datenschutzrechtlichen Bestimmungen. Nach 13 Abs. 2 Telemediengesetz kann die Einwilligung elektronisch erklärt werden, wenn der Diensteanbieter sicherstellt, dass der Nutzer seine Einwilligung bewusst und eindeutig erteilt hat, die Einwilligung protokolliert wird, der Nutzer den Inhalt der Einwilligung jederzeit abrufen kann und der Nutzer die Einwilligung jederzeit mit Wirkung für die Zukunft widerrufen kann. Nach 13 Abs. 3 TMG hat der Diensteanbieter hat den Nutzer vor Erklärung der Einwilligung auf das Widerrufsrecht hinzuweisen. Dieser Hinweis muss für den Nutzer jederzeit abrufbar sein. (Answer: Consent is to be given according do data protection laws. 13 (2) Telemedia law provides, that consent can be declared by electronic means if the service provider ensures that the recipient of the service has consciously and unambiguously given his approval, a record of the approval is kept, the recipient of the service can access the content of the approval at any time and the recipient of the service can revoke the approval at any time with effect for the future. 13 (3) Telemedia Law provides that the service provider must refer the user to the right to revoke is consent before the user states his approval. This information has to be at any time at the user`s disposal.) EXCEPTIONS 3. According to Article 5 (3) possible exceptions may apply when the processing "is strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service". Are the exceptions to the need to express informed consent further specified in national law? COMPETENT AUTHORITY COMPLAINTS AND Antwort: Auf die Ausführungen in Teil I wird verwiesen. Das TMG enthält keine weiteren Spezifikationen. (Answer: See answers in part I. There are no further specifications in the Telemedia law) 4. Which is/are the competent authority/authorities responsible for enforcement? To whom should users and subscribers complain? How do competent authorities handle complaints from citizens? 8

13 TRAINING 7. Is there any training provided/foreseen for civil servants dealing with enforcement of these rules? Antwort: Siehe hierzu die Ausführungen unter 4. (Answer: See answer to question 4) CHALLENGES 8. Do you see any enforcement challenges, regarding e.g. consent or other issues, cross-border issues, which would hamper the effective implementation in you country as of today? If any such issues exist, how do competent national authorities intend to resolve them? Antwort: Es bestehen keine Hindernisse seitens der Datenschutzaufsichtsbehörden, die gesetzlichen Anforderungen gegenüber in ihrem Zuständigkeitsbereich niedergelassenen Diensteanbietern durchzusetzen. (Answer: There are no such enforcement challenges.) INTERNATIONAL COOPERATION 9. Are there specific procedures in place for assuring international cooperation if needed? Could you describe specific limitations to your jurisdiction which can have an impact on enforcement? Antwort: Es bestehen keine spezifischen Beschränkungen, die Einfluss auf die Durchsetzung haben. Die deutschen Datenschutzbehörden arbeiten über den Düsseldorfer Kreis zusammen (vgl. Auf die Antwort zu Frage 4 wird verwiesen. (Answer: There are no specific limitations to law enforcement. The German data protection authorities cooperate in the Düsseldorf Circle. See answer to question 4.) PRACTICE 10. Can you describe your experience with the application of these rules in your country, if any? Please specify any measure taken so far in practice related to cookies, as well as to 'spyware' and other malicious software such as web bugs, hidden identifiers, and viruses. Antwort: Siehe hierzu die Ausführungen unter 4. (Answer: See answer to question 4) Part III: SELF REGULATION DEPLOYMENT 11. Is self-regulation expected to contribute to the effective application of the rules transposing Article 5(3)? If so, can you describe any self regulatory initiative ongoing at national level (e.g. scope, stakeholders involved, methods to provide information and consent, enforcement)? Are competent national authorities involved e.g. co-regulation? Antwort: Selbstregulierung erscheint als wichtiger Beitrag zur Umsetzung 13

SCHENCK TECHNOLOGIE- UND INDUSTRIEPARK GMBH (TIP) is a company, which is independent of GoIndustry DoveBid and provides the following services: 1. Preparation of export documents. Invoice showing invoiced

p^db=`oj===pìééçêíáåñçêã~íáçå= Error: "Could not connect to the SQL Server Instance" or "Failed to open a connection to the database." When you attempt to launch ACT! by Sage or ACT by Sage Premium for

Labour law and Consumer protection principles usage in non-state pension system by Prof. Dr. Heinz-Dietrich Steinmeyer General Remarks In private non state pensions systems usually three actors Employer

The projectivity of the moduli space of stable curves. I: Preliminaries on "det"... Knudsen, Finn; Mumford, David pp. 19-55 Terms and Conditions The Göttingen State and University Library provides access

CA_MESSAGES_ORS_HDTV_IRD_GUIDELINE 1/8 ORS NOTICE This document is property of Österreichische Rundfunksender GmbH & Co. KG, hereafter ORS, and may not be reproduced, modified and/or diffused in any way

Berlin and Seefeld, 20 August 2015 Dear EASC colleague, We warmly invite you to this year s of Members on Friday, 18 September 2015, 17:00 to 20:00 hours at Coaching Institut Berlin, Waldstr. 32, 10551

Umrüstung von SMA Wechselrichtern nach SysStabV Bernd Lamskemper Disclaimer IMPORTANT LEGAL NOTICE This presentation does not constitute or form part of, and should not be construed as, an offer or invitation

Application of EN ISO 13849-1 in electro-pneumatic control systems Hazards and measures against hazards by implementation of safe pneumatic circuits These examples of switching circuits are offered free

Evaluation of schools in switzerland Challenges for the future between extern and intern evaluation Michael Frais Schulentwicklung in the Kanton Zürich between internal evaluation and external evaluation

Version: 00; Status: E Seite: 1/6 This document is drawn to show the functions of the project portal developed by Ingenics AG. To use the portal enter the following URL in your Browser: https://projectportal.ingenics.de

Possible Solutions for Development of Multilevel Pension System in the Republic of Azerbaijan by Prof. Dr. Heinz-Dietrich Steinmeyer Introduction Multi-level pension systems Different approaches Different

Making quality visible. National Quality Certificate for Old Age and Nursing Homes in Austria (NQC) Human Rights Council Genf, 15 September 2015 The Austrian System of Long Term Care System: 2 main components:

p^db=`oj===pìééçêíáåñçêã~íáçå= How to Disable User Account Control (UAC) in Windows Vista You are attempting to install or uninstall ACT! when Windows does not allow you access to needed files or folders.

Exercise (Part XI) Notes: The exercise is based on Microsoft Dynamics CRM Online. For all screenshots: Copyright Microsoft Corporation. The sign ## is you personal number to be used in all exercises. All

Name: AP Deutsch Sommerpaket 2014 The AP German exam is designed to test your language proficiency your ability to use the German language to speak, listen, read and write. All the grammar concepts and

Advanced Availability Transfer Transfer absences from HR to PPM A PLM Consulting Solution Public Advanced Availability Transfer With this solution you can include individual absences and attendances from

SELF-STUDY DIARY (or Lerntagebuch) GER102 This diary has several aims: To show evidence of your independent work by using an electronic Portfolio (i.e. the Mahara e-portfolio) To motivate you to work regularly

0 Corporate Digital Learning, How to Get It Right Learning Café Online Educa Berlin, 3 December 2015 Key Questions 1 1. 1. What is the unique proposition of digital learning? 2. 2. What is the right digital

Informationen zum Elterngeld in Englisch Parental allowance Who can get parental allowance? Parents can claim parental allowance for their own child. The child must live with the mother or the father in

Kuhnke Technical Data The following page(s) are extracted from multi-page Kuhnke product catalogues or CDROMs and any page number shown is relevant to the original document. The PDF sheets here may have

Creating OpenSocial Gadgets Bastian Hofmann Agenda Part 1: Theory What is a Gadget? What is OpenSocial? Privacy at VZ-Netzwerke OpenSocial Services OpenSocial without Gadgets - The Rest API Part 2: Practical

Exercise (Part II) Notes: The exercise is based on Microsoft Dynamics CRM Online. For all screenshots: Copyright Microsoft Corporation. The sign ## is you personal number to be used in all exercises. All

This press release is approved for publication. Press Release Chemnitz, February 6 th, 2014 Customer-specific software for autonomous driving and driver assistance (ADAS) With the new product line Baselabs

1. CLARIN Privacy Policy A model agreement for the Privacy Policy has been drafted below. Depending on the content of the processing services and the national legislation of the Content Provider, the model